tomcat-users mailing list archives

From patrick conant <patrick.con...@gmail.com>
Subject Re: Handling LDAP flakiness
Date Fri, 14 Jun 2013 21:24:55 GMT
Ah!  It's not set.  I'll give that a shot and see how it works.  Thanks for
the pointer!

--p.



On Fri, Jun 14, 2013 at 3:18 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Patrick,
>
> On 6/14/13 4:55 PM, patrick conant wrote:
> > I’ve got Tomcat configured with a JNDI Realm talking to Microsoft
> > Active Directory over LDAP.  It works perfectly when
> > ActiveDirectory works; but when ActiveDirectory gets flaky (which
> > it sometimes does), Tomcat doesn’t handle it well.  In one
> > particular case, I’ve got one thread stuck trying to talk to
> > ActiveDirectory and 199 additional threads waiting for the first
> > thread to release its lock on the JNDIRealm.  Relevant bits of the
> > stack dump are below.
> >
> > My first question is: is there a way to configure the JNDIRealm to
> > be more fault-tolerant?  It looks like I could add an alternateURL
> > attribute -- but in this case, it seems like the connection is hung
> > and the JNDIRealm doesn't recognize a failure, so it wouldn't fail
> > over to the alternateURL. Is there anything else I can do to allow
> > the JNDIRealm to recover from this situation?
> >
> > My second question is: really -- authentication is serialized?
> > Then I realized that the big bold TODO in the docs would address
> > this problem.
> > (http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/realm/JNDIRealm.html).
> >
> >
> Bummer.  I ought to get coding on that...
>
> What is your "timeLimit" attribute set to on this <Realm>? The default
> timeout is infinite...
>
> -chris

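The failure mode discussed in this thread, a directory server that accepts the connection and then never answers, can be reproduced outside Tomcat. The following is an added example, not code from the thread or from Tomcat: it uses the JDK LDAP provider's `com.sun.jndi.ldap.connect.timeout` and `com.sun.jndi.ldap.read.timeout` environment properties to bound the wait. The class name, loopback listener, bind DN, password and 2-second values are all constructed for the demonstration.

```java
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class HungLdapDemo {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a hung directory: accepts TCP, never sends an LDAP reply.
        try (ServerSocket hung = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            Thread acceptor = new Thread(() -> {
                try (Socket s = hung.accept()) {
                    Thread.sleep(60_000); // hold the connection open and stay silent
                } catch (Exception ignored) {
                    // listener closed or interrupted: nothing to clean up
                }
            });
            acceptor.setDaemon(true);
            acceptor.start();

            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:" + hung.getLocalPort());
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "cn=demo,dc=example,dc=com"); // constructed DN
            env.put(Context.SECURITY_CREDENTIALS, "not-a-real-password");     // constructed
            // Without these two properties the bind below waits on the socket indefinitely.
            env.put("com.sun.jndi.ldap.connect.timeout", "2000"); // ms to establish the connection
            env.put("com.sun.jndi.ldap.read.timeout", "2000");    // ms to wait for each LDAP response

            long start = System.nanoTime();
            try {
                // The simple bind is sent during construction; the reply never arrives.
                new InitialDirContext(env).close();
                System.out.println("unexpected: bind succeeded");
            } catch (NamingException e) {
                long ms = (System.nanoTime() - start) / 1_000_000;
                System.out.println("gave up after ~" + ms + " ms: " + e);
            }
        }
    }
}
```

Removing the `read.timeout` line leaves the calling thread blocked in the bind, which is the state the stuck thread holding the realm lock would be in.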